The Cloud is Here! Now, Where Is It?
Recently, I was working with an accounting firm that wanted help in assessing their technology roadmap. They’d been hearing about the benefits of the cloud for years but weren’t sure they were ready to take the leap. They knew there were some advantages, but couldn’t definitively list them, and the risks they’d heard were all worst-case scenarios and fears rather than reality. But with an impending server refresh to replace older and unsupported hardware looming, and the associated capital costs set to wipe out their IT budget, they wanted to reevaluate.
They were surprised to learn how far “the cloud” has come. Many services they needed but didn’t think would be affordable (such as data protection services, real time backups and versions and better remote access options) have been commoditized and are more accessible through cloud services. The costs and the security benefits were also very enticing. Excitement built quickly, and they were ready to get started right away. Then the Managing Partner called me aside and said “Great! The cloud is here! Now, where is it?”
It’s a question a lot of people in the industry ask. Fortunately, like the firm I was working with, you have some options.
What type of cloud is right for me?
There are generally three cloud categories, organized around the location of the cloud: private, public and hybrid. But there are also newer terms that are coming into the discussion these days: “outsourced cloud” and “true cloud.”
The nomenclature varies as different people and companies have different definitions for some of the variables in each, but the general categories and descriptions below are enough to get everyone moving in the same direction.
Private Cloud – ‘Private’ comes from the distinction of the remotely located environment not being shared with any other companies or their data. In this scenario, the intention is to keep as much control and minimize risk as much as possible, while still providing some of the benefits and ‘feel’ of being in the cloud. Often, the company moves servers and applications to a firm controlled data center. This centralizes the data, making it easier to consolidate storage, run proper backups and plan for business continuity scenarios. Employees access the information either directly over the local network or through a variety of remote access tools, often including RDP, Citrix or VMware. VPN’s and information portals are also leveraged frequently.
One of the misconceptions about building a private cloud solution is that it will be one of the most secure options available. In fact, it is considerably riskier for the firm from a security perspective. To gain the remote access benefits, the data must be accessible from anywhere. That makes it a target. And the security and compliance responsibilities still fall on the firm’s technology team, which often doesn’t have specialized security experts.
Another drawback of this setup is that it still requires a large amount of capital expenditure. Servers, storage, routers, bandwidth, licenses and repair warranties will all continue to be the responsibility of the firm. It may be cheaper and more efficient than a local distributed server system, but it doesn’t save nearly as much as people initially think.
Note: This can also be done at one of the firm’s physical locations instead of 3rd party data center.
· Centralized data
· Virtualized systems
· Increased remote access
· Better DR/BC options
· Single tenant system
· Have to purchase and support equipment
· Doesn’t save as much as expected
· Responsible for security
· Additional bandwidth node
Public Cloud – In this model, resources like storage, applications, connectivity, memory and processing power – the complete computing structure – are made available via the internet to anyone who subscribes to the services. Your firm’s data, while segregated and heavily restricted for accessibility and security, is stored on servers that house the data of other companies as well (multi-tenant). Due to the prevalence of encryption (in-transit and at rest) and the capability to privately control encryption keys, this poses much less risk for data privacy and security than it once did. And because these are essentially distributed data networks, economies of scale keep costs low and scalable. Providing additional resources is simple and straightforward.
In our industry, we often see the public cloud offerings as a subscription to a specific application (Software as a Service). Examples would be GoSystems RS or CC