Demytisfying the public or private cloud choice: Compliance, cost, and technical requirements
Every business wants to operate like a tech company today. Companies can’t thrive without improving IT, and executives must decide where to house and process data – under these circumstances, cloud strategies are increasingly nuanced.
A Forrester study found that just 4% of organisations run their applications exclusively in the public cloud today, and 77 percent of organisations are using multiple types of clouds, both on-premises and off-premises.
So do you take the public or private cloud route? This can be a complicated question for companies, so let’s look at some starting considerations.
Chick-fil-A uses a mixture of private and public cloud to support operations by deploying small Kubernetes clusters in each store to support transactions
Most of IT’s budget and attention is focused on what used to be called “off-the-shelf applications”: email and calendaring, collaboration apps and industry specific software. These applications are often slow-moving fodder in a cloud strategy and should be moved to public cloud first. Gartner expects more than 70 percent of businesses will be substantially provisioned with cloud office capabilities by 2021.
Moving these types of applications off-premises frees up resources to focus on building out larger software development and delivery capabilities, the core asset for any successful digital transformation.
Complying with regulation
When collecting user data – location, personal information, credit card information – there are a whole list of compliance issues that will drive cloud choice.
Sifting through various regulations and barriers to decide whether to use a public or private cloud for storing a user’s data, will throw up many questions that need answers. For instance, how do government policies shape operations and strategies? Certain safety measures or auditing points can create huge costs and public cloud solutions might have done the work already. What rules and regulations govern the data being collected? Do we own the data? What is the geographical definition of ownership – does anyone else share it?
While compliance issues may seem like a productivity blocker, understanding why they exist and working with auditors will help determine business imperatives.
Regulations are aimed at avoiding nefarious uses such as selling personal data to advertisers or stockpiling profiling data to meddle in politics. The data management needs of the GDPR are driving many organisations to reconsider where they store user data. Often, running their software on private cloud affords more control. On the other hand, there are cases where using a public cloud service is better. Complying with all payment handling and tax regulations globally might be easier to achieve with public cloud-based services. Handling sensitive documents might also be better outsourced.
Of course, pure public cloud is rarely an option. Retailers, for instance, often have competitive concerns that drive them away from using Amazon Web Services (AWS), or other cloud software companies might not want to use Google’s tools.
Pinning down technical requirements
Nailing a comprehensive list of technical requirements will create a good checklist. These should include operability of different database frameworks, load balancing, licensing ramifications and bandwidth limitations. For example, Chick-fil-A uses a mixture of private and public cloud to support operations by deploying small Kubernetes clusters in each store to support transactions.
When moving to public clouds, engineering teams lose certain operational controls and often need to re-architect their code. New runtime environments in public cloud often require new skills as well. However, none of these concerns are impossible to solve.
Different cloud solutions don’t lend themselves to easy comparisons like new phones do: run down a checklist of features and specs, then weigh against the price tag. Cloud architectures are complex and need to be visualised too far forward in time. The process is similar to buying solar panels, where the upfront cost hurts, but businesses are playing a longer game with the investment. However, businesses need to be sure they are staying put (to keep the analogy going) with strategy, features and hardware, such as servers and an ops team. Those can quickly become painful losses if, in a couple years, overhead costs aren’t assessed correctly.
There are some basic starting points:
- What features of public cloud would be better than private cloud – and how can real financial value be assigned to them?
- How useful are machine learning tools in the cloud being considered? A retailer could use such services easily to start targeting ads or upselling recommended items, and so they might choose Google’s cloud. Or maybe for regulatory reasons, or because the retailer can do it better themselves, they’ll do this processing on their own, private cloud
The focus on business outcomes is what should drive the choice of public versus private cloud. It’s all too easy to look at either option based purely on cost. When IT is a core business enabler, the best approach is to consider how much money the chosen service can make the company. Focus then shifts to what type of infrastructure enables software teams.
Compliance issues may seem like a productivity blocker – but understanding why they exist and working with auditors will help determine business imperatives
A platform that focuses on delivery speed to enable designing better, more productive and profit driving software is preferable. In some cases, this might mean modernising an existing, private cloud-based stack. Oftentimes, organisations operate under five, ten, or even decades old notions of how software should be developed and run. Shifting to a more contemporary, agile approach can drive dramatic results.
Seeing through the clouds
A business has to understand what it is building – it’s surprising how many engineering teams still build in the dark.
Companies should ask themselves: how much traffic will the application get? Will it only be used internally? Who affects the load? What data handling and process regulations need to be followed? Will the application branch out to other areas of the business? If it touches the public – will it be mobile?
The questions don’t end. In a point of transition like we’re seeing in IT, it’s good to err towards maximising flexibility to provide the most options in the future as needs change. Over the next five years (if not longer) businesses will experiment with new strategies and business models, and they’ll need an IT partner who is equality deft and ready for whatever exciting adventure comes next.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Check Point exposes yet more shared responsibility misunderstandings for cloud security
- » Fulfilling the promise of NFV with reconfigurable computing
- » How new cloud agents are increasing confidence in the public cloud
- » How a multi-cloud approach works and what it means for your organisation: A guide
- » Understanding Kubernetes today: Misconceptions, challenges and opportunities