What Kind of Cloud Is Right for My Business?

Consider a public, private or hybrid approach.

In our work providing managed IT services, we often get asked for our opinion on public versus private cloud services: “How can we maximize our IT budget without compromising security or performance? What are the trade-offs?”

Let’s start with a few definitions to set the stage:

Public Vs. Private

When we refer to the public cloud in this discussion, we mean that more than one customer is consuming the infrastructure resources, i.e. it is multi-tenant. Well-known public cloud providers include Amazon Web Services, Google and Microsoft. Some of these organizations also offer private clouds.

Many companies choose public clouds because there is an assumption that public can be less expensive than private, although this is not always the case. Even though “public” doesn’t mean everybody has access to your data, it does mean that you will need to ensure your firewalls and other security measures have been thoroughly considered and fully implemented.

A private cloud involves for-your-use-only dedicated servers in a data center or virtual environment. Only a single enterprise or business unit is using the infrastructure resources.

One of the biggest advantages of a private cloud is the nonshared resources for mission-critical applications. Simply investing the extra funds up front in a private cloud does not guarantee security, however. As with a public cloud, you still need to address specific risks.

Mythbusting

Which leads me to the first myth I’d like to dispel: “Public clouds are a security risk.” This might have been true in the early days, when cloud computing was a lot less sophisticated than it is today. Even if you share resources, reputable managed IT service providers will ensure there is isolation between your data and that of anyone else who shares the same resources.

Nevertheless, the belief that public clouds are a security risk is so common that it leads to our next misperception: “You can’t be compliant in a public cloud.” If you search the Internet, you can easily find “experts” claiming that you cannot achieve compliance in a public cloud environment. While it’s not necessarily a one-step process, the key to successfully navigating the compliance waters is to determine which of the many available certifications are relevant to your business. Where possible, identifying the proper requirements from your internal stakeholders and clients is a critical initial step when developing your public cloud compliance strategy.

Why Use a Private Cloud?

So if security isn’t an issue, why should organizations pay extra for a private cloud? It all boils down to performance and availability.

In a public cloud, you are sharing resources, servers and bandwidth. No matter how your managed services provider tries to estimate your requirements, it can be challenging to guarantee performance of varying workloads.

For some services, this may not be a problem. However, for others, such as client-facing e-commerce sites, a sudden drop in performance could mean lost revenue.

The Best of Both Worlds

The hybrid cloud takes advantage of the public cloud for those applications where performance isn’t as critical and a private cloud for those services where it is.

For example, you might host your business management software on a private cloud and your website on a public cloud. E-commerce applications typically interface with both your website and ERP system. These applications could sit on either server, but most organizations would probably opt to have them in the private cloud, for performance rather than security reasons.

Another hybrid arrangement that is common among many customers is to have their test/dev websites in a public cloud. This makes it easy to spin up resources during development. When they roll out their applications to their users, they will migrate them over to the private cloud and shut down their test/dev site. This helps them maximize their budget since they aren’t paying for dedicated resources before they need them.