Cloud Computing: What is your strategy?
Private Cloud Computing
A private cloud uses a hardware, storage and network architecture that is owned by the client or service provider and is dedicated to a single organization. Using a private cloud with managed services (e.g., for keeping hardware running or updating software) is a variation of this setup.
Before implementing a private cloud setup, you should consider aspects such as…
- Security - You can configure hardware, storage and network for high security levels.
- Data retrieval - Typically, retrieving or transferring data to a different provider from a private cloud is easier than doing the same from a public cloud.
- Regulatory compliance - Your organization can adhere to Sarbanes Oxley, PCI and HIPAA standards with a private cloud, but not with a public cloud.
- Customization - You can establish performance standards for hardware, storage and network in a private cloud.
These characteristics tend to make private cloud setups a good fit for many mid-size and large companies.
Public Cloud Computing
In a public cloud setup, a service provider gives the client access to resources such as applications and storage using a pay-per-usage model. When deciding whether a public cloud setup is ideal, you should look at factors such as…
- Security – Several large corporations use public cloud networks and have experienced data breaches in recent years. When using public clouds, consider requiring providers to adhere to cloud-specific security standards such as ISO/IEC 27017 or ISO/IEC 27018.
- The pay-per-usage model - Paying by the hour can be more economical if your organization undertakes a lot of custom development projects, or if your leadership wants to get out of the data center management business.
- Freedom from contracts - Your organization can end its use of a server without being bound to a contract.
- Regulatory compliance - An organization that uses a public cloud shares hardware, storage and network devices with others, so adhering to regulations such as Sarbanes Oxley, PCI and HIPAA is not possible.
- Hardware performance - You get a virtual server on a designated network and hardware. Therefore, it is difficult to establish your own performance standards.
- Business seasonality - Public cloud computing might make sense if your organization’s business is seasonal in nature (for example, you process a high volume of e-commerce transactions during certain months of the year and require corresponding levels of data storage).
- Funding - It may be possible to pay for a public cloud setup with operating funds rather than capital funds, the latter of which may require a drawn-out procurement process.
Hybrid Cloud Computing
A third setup exists that provides organization with a great deal of IT and financial flexibility. The hybrid setup integrates on-premises private cloud and third-party public cloud services. As computing needs and costs change, you can move workloads between the private and public clouds.
Another type of hybrid setup is using either a private or public cloud for web development, combined with internal applications and database servers maintained by the IT staff. You can respond to demand by increasing or decreasing the number of web servers accordingly.
Choosing a Cloud Provider
Once you’ve decided that cloud computing is right for your organization and determined which setup is best for you, the next major decision is to identify the right cloud provider. Here are some tips to keep in mind:
- Make sure both you and your provider know your business objectives. Involve your business units in the decision-making process.
- Understand that the location of a cloud provider’s data centers is important, particularly if yours is a global organization. Having Data Centers in multiple locations is a requirement to provide better business resiliency. Security and compliance regulations may vary widely from country to country.
- Make sure you determine the network availability, latency level and cost of moving data.
- Consider verifying provider capabilities with a third-party compliance audit such as the MSPAlliance’s Unified Certification Standard for Cloud and Managed Service Providers. The certification requires providers to meet control objectives in 10 areas, including corporate structure, service level policies/procedures, data security and fair billing.
- Choose a provider that gives you confidence in the security of the network and your data. Consider requiring Security Trust and Assurance Registry (STAR) certification through the Cloud Security Alliance and British Standards Institution, which mandates a third-party assessment of the security environment.
- The Open Data Center Alliance’s Proof of Concept document is a resource that provides guidance for both performance and ROI comparisons.
We can help you make the right choice.
As you can see, deciding whether to use cloud computing, choosing the right provider and understanding the impact of cloud migration on your business involves many factors. This guide serves as a starting point. Call us at 203-756-4243 or request a consultation online to get further guidance on your organization’s unique IT needs. We’re here to help!