Up to now, IT decision-makers have learned how to understand, choose, and implement IT infrastructure that resides and runs in their company’s own server room. They knew, for instance, if they needed a new email server, that HP and Dell are good brands. They knew that they needed to purchase Windows and Exchange licenses. They knew to hire someone knowledgeable to properly setup and maintain that email server. And if that server broke, they knew who to call to get it fixed.
But because of the rise of cloud-based services, companies no longer automatically put servers in their own buildings. They now have to consider using cloud-based services – applications and systems already set up in the “cloud” (the Internet), and run by people we usually don’t know or ever see. Cloud service providers promise that, for a monthly fee, they’ll provide all the IT function we need. A popular example is Office 365, Microsoft’s hosted email system. Instead of dealing with the complexity and capital cost of installing Exchange on a company’s servers, companies pay Microsoft to host it for a low monthly fee.
This means, however, that the decision-makers now need to weigh the benefits offered and decide which cloud services are best for their business. And because it’s a different and still relatively new way of doing IT, most in the industry have yet to fully grasp all they need to consider.
Here are some things to look at when comparing the pros and cons of onsite servers vs cloud-based services; they’ll help prompt questions when vendors come calling:
- Onsite: Usually, purchasing a server and software meant a company made a large capital expenditure for systems, and would use them for as many years as possible before having to do it all over again. This usually allowed companies to upgrade at their own pace, based on budget.
- Cloud: Cloud-based services are almost always an operating expenditure with no or little capital purchase. But while they are cheaper on the front end, costs continue for as long as the service is used and may eventually surpass what it costs to build and host themselves. One advantage of cloud-based services, though, is that companies can flex-up/flex-down quickly just by paying a different amount each month.
- Company’s responsibility: Decision-makers need to determine if, over the long-run, the cloud-based services are truly cost effective by considering capital costs and operating costs, including any hidden fees. They need to ask about possible extra charges for bandwidth, storage, customization, processor usage, vpn/security options, etc.
- Onsite: When companies build their own servers onsite, they control how secure they are. They understand how it is architected, and can prove its security level by running their own tests. And because they don’t share their infrastructure with others, they don’t risk other companies seeing their data.
- Cloud: With cloud services, it’s taken on faith that the cloud provider has a solid security architecture, technical safeguards, and administrative controls to protect data.
- Company’s responsibility: Companies must ask what security policies & procedures cloud service providers have in place, and may even need to routinely security-test their systems. But in the end, companies may be taking more risk with a cloud provider because they don’t have hands-on control. Additionally, if a company has compliance requirements like SOX, HIPAA, and PCI, then it should make service providers prove their compliance, or sign legal business associate agreements making them liable for lost or leaked data.
- Onsite: Companies always backup their onsite systems (right?). It’s common knowledge to take regular backups, to backup open files and databases, to have backup data offsite to protect against disaster, to encrypt that data while its offsite, and to regularly test restores, verifying the integrity of the backups.
- Cloud: With cloud services, however, companies must trust that the provider is backing up data with enough regularity and retention, that the backups are complete, that they are protected against disaster, that the data is encrypted, and that they are indeed able to restore data, if required.
- Company’s responsibility: Companies must ask service providers to prove that their backup system is complete, working, and has granularity and retention proper for their business needs.
- Onsite: When an onsite IT systems break, a company can put all-hands-on-deck and work non-stop to fix a problem.
- Cloud: When it’s a cloud service, with support people available only by phone or email, companies are at the mercy of their provider, and must simply trust the provider is working diligently and competently on their problem.
- Company’s responsibility: Companies should ask the cloud provider what their guarantee for uptime is, and what compensation is due (e.g. refund) if guarantees are not met.
- Onsite: When it’s a company’s own IT system, they can run the hardware and software they purchased for as long as possible, getting maximum use of their investment.
- Cloud: If a cloud service provider suddenly goes out of business, the system and data may suddenly be unavailable with no way to get it back.
- Company’s responsibility: Decision-makers should investigate cloud providers to ensure a proven track record, financial viability and profitability (to determine if they’ll likely stay in business long-term), and should consider backing up the hosted data to someplace outside of their service so that its data is still in existence if the provider went belly-up.
There may be other criteria to assess cloud service providers, but the industry will need to learn them from future experience. Right now, though, the promised advantages of cloud-based services are too great to pass up. TNSC can help companies choose reliable cloud service providers and integrate the services with a businesses’ operations.