Enterprise organizations often struggle with the decision between private vs. public cloud services. Although this internal debate has been going on in IT departments for some time now, there is a newer trend happening — the CEO’s involvement and influence on cloud service selection is increasing.
- Review Internal IT Processes to Match Cloud Services
- Review Current IT Skill Set and Time Commitments
- Don’t Forget About Security
- Making the Proper Decision — A Cloud Adoption Story
- The Last Word
Today, CEOs are more in tune with their CIO counterparts regarding technology options which will enable growth of the overall business. They also realize that cloud services can help focus the company’s resources and help cost effectively bring new services to market quicker. The current state is that the cloud platform selection is now equally a business decision as much as it is a technology decision, with the CIO being tasked to leverage technology as a strategy to help drive the business forward.
When choosing between private and public cloud services, it’s helpful to set up some guidelines. One of the first areas to consider is how comfortable you are with the shared hardware of a public cloud. If added security or compliance services are required, a better fit may be a private cloud environment. In some cases, the optimal solution may be a hybrid cloud approach where leveraging both public and private clouds yield the best performance and data protection for sensitive information, with the benefit of scalability where needed.
Another major factor in the public vs. private decision is determining how workloads will be moved and the best migration and management services to support them. Here again, it is important to note that not all workloads are suitable for cloud environments. Some legacy applications do not support virtualization and therefore present a problem when trying to incorporate them into a public cloud. Medical applications, CAD/CAM files, and other large single-file data sets tend to fall into this category.
To help take the stress out of making the decision between private and public cloud services consider the following process.
The key to solving the cloud conundrum is finding an experienced managed IT solutions provider that can help an organization customize the best cloud combination that addresses present and just as important, future application requirements.
Leading public cloud providers realize that most enterprise organizations are not truly ready to turn all of their compute needs over. This underscores the value of managed IT solutions providers to fill the role of trusted advisor. Optimization, data transfer costs, and application development platforms are some areas that must be carefully considered before selecting the best matched cloud services. As a first step in making a decision, there is a common list of internal questions that every company needs to answer before embarking upon cloud services:
- Do you have any compliance requirements that dictate dedicated hardware?
- Does your application have specific compute requirements that can be met in the public cloud?
- Does your application have explicit storage requirements? High IOPS? High capacity?
- Do you have any custom network requirements (e.g., need for physical IDS/IPS)?
- Does your IT support staff require access to the hypervisor?
- Are your VMs able to be rebooted as the public cloud provider’s infrastructure might dictate?
Once the application’s infrastructure questions are addressed, it’s time to review the IT staff skillset and required time commitment to manage cloud services. Hosting services vary from basic hardware management to fully managed cloud services. Therefore, it is necessary to determine if the company’s internal IT staff is both capable of and willing to perform the following in order to establish a baseline:
- Learning/maintaining 15 to 20 certifications typically required to manage the entire stack of hardware and software services.
- Mastering the various public cloud interfaces.
- Integrating various monitoring capabilities and managing to a SLA.
- Deploying security policies for compliance and to mitigate risk.
For any successful cloud decision, it's also a matter of determining the motivation to move along the IT outsourcing adoption curve. While start-ups have a cloud-first strategy, most organizations have a mix of legacy and new applications in their own data centers and the move to the cloud and to managed services is not a decision that is made uniformly. There are many pain points that determine the speed at which a company moves along the IT outsourcing adoption curve, such as:
- The realization that the costs of expanding or adding a secondary data center don’t compare to the lower costs of colocation.
- The desire to no longer own hardware and instead lease hardware from a cloud provider.
- A need to shift resources away from non-differentiating activities such as data backup or OS patching.
In each of these scenarios there is a stair-step approach to different service levels. At each stage an experienced managed IT service provider has the unique ability to serve the enterprise organization with customized help. This is a value-added migration service that organizations will not find in today's most popular stand-alone cloud provider offerings.
The decision to move to any cloud service cannot be made without first considering what type of security is needed. There are six basic questions that need to be addressed before choosing to outsource any part of IT security:
- How do you currently ensure the security and reliability of your systems?
- How do you ensure the physical security of your facilities?
- Can you maintain industry and regulatory compliance?
- How do you protect your network against DDoS attacks?
- Do you have a current disaster recovery plan?
- How do you isolate individual tenant systems and data?
It should be noted that just because a company selects a private cloud and is fully compliant, it does not automatically mean their data is secure. Systems used to manage, process, and store data are always in a constant state of flux. Just minutes after a system has been certified compliant, even a small change in the system can nullify federal certification and leave the door wide open to hackers. Twenty-four hour network surveillance and log monitoring from managed IT providers will help identify and stop this from occurring.
A large software provider focused on the business of distributing business materials through their ERP application provides a good example of a thoughtful cloud migration. This company selected a private cloud model to support their customers’ implementations and recently decided to roll out a new CRM application. The CRM application was delivered in a SaaS model and propelled by AWS public cloud.
Assessments of internal IT processes and skillsets determined application flexibility and the need for an inexpensive platform to launch the company’s new CRM application. AWS offered the CIO the flexibility to grow services while enabling the internal IT staff to track performance as needed throughout the entire CRM development life cycle. AWS also provided the CEO with significant financial relief as the company was billed for cloud services on a month-to-month basis. Helping the company make the best cloud decision for their new CRM application roll-out was a qualified managed IT company.
When making the decision to go with a private or public cloud, companies need to fully assess internal IT processes and skills before making a move to host applications elsewhere. Many companies do not have the IT expertise or the time to learn all the toolsets that accompany today’s robust cloud offerings — that’s the impetus of turning to the cloud in the first place. Do not underestimate the importance of working with a managed services provider who has experience across industries to help guide you through the public vs. private cloud decision-making process.