The Cloud is Here! Now, Where Is It?
Recently, I was working with an accounting firm that wanted help in assessing their technology roadmap. They’d been hearing about the benefits of the cloud for years but weren’t sure they were ready to take the leap. They knew there were some advantages, but couldn’t definitively list them, and the risks they’d heard were all worst-case scenarios and fears rather than reality. But with an impending server refresh to replace older and unsupported hardware looming, and the associated capital costs set to wipe out their IT budget, they wanted to reevaluate.
They were surprised to learn how far “the cloud” has come. Many services they needed but didn’t think would be affordable (such as data protection services, real time backups and versions and better remote access options) have been commoditized and are more accessible through cloud services. The costs and the security benefits were also very enticing. Excitement built quickly, and they were ready to get started right away. Then the Managing Partner called me aside and said “Great! The cloud is here! Now, where is it?”
It’s a question a lot of people in the industry ask. Fortunately, like the firm I was working with, you have some options.
What type of cloud is right for me?
There are generally three cloud categories, organized around the location of the cloud: private, public and hybrid. But there are also newer terms that are coming into the discussion these days: “outsourced cloud” and “true cloud.”
The nomenclature varies as different people and companies have different definitions for some of the variables in each, but the general categories and descriptions below are enough to get everyone moving in the same direction.
Private Cloud – ‘Private’ comes from the distinction of the remotely located environment not being shared with any other companies or their data. In this scenario, the intention is to keep as much control and minimize risk as much as possible, while still providing some of the benefits and ‘feel’ of being in the cloud. Often, the company moves servers and applications to a firm controlled data center. This centralizes the data, making it easier to consolidate storage, run proper backups and plan for business continuity scenarios. Employees access the information either directly over the local network or through a variety of remote access tools, often including RDP, Citrix or VMware. VPN’s and information portals are also leveraged frequently.
One of the misconceptions about building a private cloud solution is that it will be one of the most secure options available. In fact, it is considerably riskier for the firm from a security perspective. To gain the remote access benefits, the data must be accessible from anywhere. That makes it a target. And the security and compliance responsibilities still fall on the firm’s technology team, which often doesn’t have specialized security experts.
Another drawback of this setup is that it still requires a large amount of capital expenditure. Servers, storage, routers, bandwidth, licenses and repair warranties will all continue to be the responsibility of the firm. It may be cheaper and more efficient than a local distributed server system, but it doesn’t save nearly as much as people initially think.
Note: This can also be done at one of the firm’s physical locations instead of 3rd party data center.
· Centralized data
· Virtualized systems
· Increased remote access
· Better DR/BC options
· Single tenant system
· Have to purchase and support equipment
· Doesn’t save as much as expected
· Responsible for security
· Additional bandwidth node
Public Cloud – In this model, resources like storage, applications, connectivity, memory and processing power – the complete computing structure – are made available via the internet to anyone who subscribes to the services. Your firm’s data, while segregated and heavily restricted for accessibility and security, is stored on servers that house the data of other companies as well (multi-tenant). Due to the prevalence of encryption (in-transit and at rest) and the capability to privately control encryption keys, this poses much less risk for data privacy and security than it once did. And because these are essentially distributed data networks, economies of scale keep costs low and scalable. Providing additional resources is simple and straightforward.
In our industry, we often see the public cloud offerings as a subscription to a specific application (Software as a Service). Examples would be GoSystems RS or CCH Axcess.
· Controlled costs – Pay for what you use
· Increased performance over private cloud
· No capital investment in hardware or software.
· Data security is provided by an expert team and is a priority.
· No control over the infrastructure
· Data may be located anywhere
· May have long SLAs
Hybrid Cloud – This model is the most common, and can be any combination of on-premises, private cloud, or third party public cloud service integrations. The system is maintained by both the firm and the vendor, with each being responsible for some parts of the whole.
Some services are migrated into either a private or public cloud, while others (particularly legacy systems or applications with low latency tolerances) might remain installed locally on site.
An example would be outsourcing some functionality, such as backups to a data center or email to the public cloud while retaining some localized services (like legacy or specialty applications) for performance or compatibility reasons.
· Can be done in phases
· Leverages best-of-breed approach
· Can balance risk and accessibility
· Keep legacy systems, but gain some cloud benefits
· Take advantage of commoditized services with low entry barriers
· Extra effort needed to ensure compatibility between local/cloud based systems
· Costs not completely controlled (Capex and Opex)
· DR/BC concerns must be addressed
· Can be worst of both worlds if done poorly
True Cloud (or Infrastructure as a Service) – This solution entails taking virtualized servers and migrating them directly into a high accessibility, pay-as-you-go computing environment such as AWS or Azure. This can be done by the firm to remove or reduce physical servers. Innovative IT teams leverage this method to move servers (data and applications) out of the firm and into the cloud when there is no vendor-provided cloud solution.
The benefit of purchasing only physical computers must be weighed against the lack of physical accessibility. The only means of remediating any issues are through software management tools or the vendor’s support desk.
The term “true cloud” may also be applied to software vendors who offer applications through a browser-based interface with no software download requirements. In concept, it should be the same experience on an iPad or a Chromebook as it would be on a Mac or Laptop.
An example of this could be Office 365 and Exchange Online residing in the Public Cloud based on the Azure environment. There is no hardware to buy, no servers or software to maintain, but no way to resolve issues except through the admin console or Microsoft support. Another example could be virtualizing an older on premise only tax application and migrating it into the Azure or AWS cloud where it can be accessed and used remotely.
“True Cloud” or IaaS
· Controlled Costs – Pay for what you use
· Scalable – easy to expand on demand
· Simplified provisioning
· No capital investment costs
· Back-end data security is provided at a very high level
· Less control over the location of the data, may be in any number of data centers
· May have long support SLAs
· Biggest security risk remains your employees
Outsourced Cloud – One final variation is “outsourced cloud.” Leveraging this entails moving all server functionality off-site to be managed by another company. Staff accesses all resources remotely, even when they are working from an office. Most applications and services are run in a virtual environment hosted by the provider.
The most common example of this is XCentric, which specializes in providing this service to accounting firms.
· Everything is handled by the provider
· Simplified management
· Support included
· Built in backup and DR
· Costs are known and predictable
· Easy to get started with conversion help to their systems
· Support times can vary
· Updates need to be cleared and scheduled in advance
· Bandwidth needs must be provisioned and planned for properly
· No internet = no access or applications
The time has come to move your practice into the cloud. The benefits can be enticing and there is a path forward for every firm. Once you’ve determined your tolerance for risk, available budget and project timeframe you can choose which of the cloud solution models work best and start your journey into the cloud!