It took a while to evolve, but cloud is now a well-accepted way to host and provision IT services. While the benefits of cloud – capital cost reduction, simplicity, speed and scale – are generally well-understood by most organizations, IT leaders often still struggle to determine which type of cloud service to choose.
“When moving to the cloud, companies are faced with an array of options that can make it difficult to map out a clear implementation strategy,” said Greg Pierce, chief cloud officer of Concerto Cloud Services.
Before deciding between public vs. private cloud, it’s important to evaluate the pros and cons of each.
Public clouds are highly scalable and offer businesses strong reliability at a relatively inexpensive or flexible price. Public cloud options also do not require much management or overhead maintenance.
“This option is great for companies that are not ready to invest in expensive hardware or software and do not handle highly regulated and sensitive information,” said Bill Ho, CEO of Biscom.
However, it’s also important to note that the shared infrastructure of public clouds are often not as secure as private infrastructures and there is no control of the system hardware and environment, added Ho.
“Public cloud services weaknesses typically involve concerns about security, control and cost containment at scale, which is why many companies do not move mission critical applications to public cloud,” said Mark Lewis, CEO of Formation Data Systems.
However, public cloud providers have aggressively responded to security concerns over the past few years. Along with providing documentation of their security architecture and controls, cloud providers often allow customers to perform security assessments including penetration tests, explained Thomas Phelps, vice president of Corporate Strategy and CIO at Laserfiche.
“For more sensitive data, cloud providers have FedRAMP compliant systems, which is a federal program to provide a consistent framework for security assessments and authorization of cloud products and services,” said Phelps.
Some cloud-based solutions even go one step further by segmenting data into separate databases for each customer account.
Another benefit of public cloud is speed.
“Application development teams are off on their own building new digital services and they don’t want to be bogged down by existing policies and processes, they just want to move fast,” said Brian Emerson, senior director of Product Management at BMC. “So public cloud becomes the de facto choice for agility and speed, but little attention is often paid to how secure they are or to process controls in service management practices such as policy compliance, audit trails, change management, etc.”
In contrast, private cloud is often highly secure and provides businesses much more control over their environment and system.
“Private clouds are an ideal option for companies that work within regulated industries, handle guarded information and cannot risk a data breach,” said Ho.
Private cloud is also the most expensive option, is not as scalable as public cloud and requires more system management.
For private cloud systems, the challenges many organizations face have to do with data migration from legacy infrastructure, capital cost management and consistently delivering performance to multiple applications and services at scale.
“This is why many organizations that choose to build private cloud services begin with software-defined services that offer the agility and flexibility to deliver the cloud experience with the control mechanisms required to maintain compliance and data governance,” said Lewis.
Of course there is a middle ground between public and private cloud: Hybrid
“The reality… is that many companies still rely on on-premises applications,” said Chris McNabb, general manager at Dell Boomi. “A true hybrid approach, involving apps deployed in both public and private clouds and on premises, will be common for many years to come.”
The hybrid approach also allows a company the chance to try cloud without overcommitting.
“Hybrid is often a migration path for IT departments needing to make the business case for moving toward the cloud,” said Sarah Lahav, CEO of SysAid Technologies.
Before committing to any option, it’s important to determine which will best fit business goals and needs.
Find out how much capacity and control you need, and how dynamic the capacity will have to be. If you don’t need much or either, a public cloud solution might be best. Finally, how much can you invest in a new solution?
“If you have any data storage or protection requirements, such as meeting certain compliance standards like HIPAA, using a private cloud is the best option,” said Ho. “Ask yourself if the security and control private cloud solutions offer is worth a data breach and risk of being hacked.”
Indeed, understanding the organization’s security posture may be the most important consideration of all. If your business conducts activities like taking payment information or storing customer data, private cloud will likely be the best option.
“To decrease the level of exposure, eventually there needs to be a discussion about whether or not the organization has the right amount of control,” said Lewis. “Part that discussion is acknowledging if and when to sacrifice some of the efficiency gains of public cloud to leverage the greater security that private clouds offer.”