Public, private or hybrid cloud? Make the smart choice!

You know you want to move to the cloud, but you don’t know which of the three major options – public, private and hybrid – are right for you. We’re here to help with this quick overview of the options, as well as the pros and cons of each.

Public Cloud

Think of this as a server in the sky. Public cloud, also known as infrastructure-as-a-service, provides the equivalent of a data center in a highly scalable, virtualized environment accessed over the internet. Customers can provision virtual servers – called “instances” – and pay only for the capacity they use. Many public cloud features are automated for self-service. Users can deploy their own servers when they wish and without IT’s involvement. Accounting and chargeback are automated. In fact, organizations often find the public cloud delivers the most significant savings not in equipment costs, but in administrative overhead.

The best applications to deploy in a public cloud are those that are already virtualized or that run on unmodified Linux or Windows operating systems. Commercial, off-the-shelf applications are a good example. Public cloud is also a good platform to use in evaluating and testing new applications, since many public cloud providers offer a wide variety of applications on a pay-as-you-go basis. Public cloud is also well suited to developing so-called “cloud native” applications, such as mobile apps.

Public cloud isn’t ideal for every use. Homegrown applications on legacy platforms or those with significant interdependencies may not migrate smoothly. Organizations that aren’t careful to manage instances can can end up paying for unused capacity. There are also hidden costs to be aware of, such as surcharges for data uploads and downloads or upcharges for guaranteed levels of service. Regulatory issues may also limit the use of public cloud for some applications entirely.Private Cloud

This is essentially a public cloud for use only by a single customer. Private clouds may be constructed on premises using virtualization and automation software, or licensed from service providers who deliver cloud services either from their own data centers or even on the customer’s own premises.

Private cloud is popular with companies that need tight control over data, whether for security, privacy or regulatory purposes. In regulated industries that specify how customer data must be stored and managed, it is sometimes the only cloud option. It’s also attractive for companies that need guaranteed service levels without the unpredictability of the public internet. Finally, private cloud provides the highest level of control for organizations that want deep visibility into who is using resources and how.

Private cloud is typically more expensive than public cloud because service providers must allocate capacity exclusively to the dedicated environment. However, that isn’t always the case. For companies with large capital investments in existing infrastructure, an on-premises private cloud is a good way to add flexibility, automation and self provisioning while preserving the value of their existing equipment. For predictable workloads, it can be the cheapest of the three models.

Hybrid Cloud

This is the most popular option for large corporations, and is expected to dominate the cloud landscape for the foreseeable future. Hybrid cloud combines elements of both public and private cloud in a way that enables organizations to shift workloads flexibly while keeping tight control over their most important assets. Companies typically move functions that are handled more efficiently to the public cloud but keep others in-house. The public cloud may act as an extension of an on-premises data center or be dedicated to specific uses, such as application development. For example, a mobile app developed in the public cloud may draw data from data stores in a private cloud.

Many of the benefits of hybrid cloud are the same as those of private cloud: control, security, privacy and guaranteed service levels. Organizations can keep their most sensitive data on premises but shift some of it to the public cloud at lower costs. They can also reduce costs by using public cloud to handle occasional spikes in activity that overtax their own infrastructure, a tactic known as “cloud bursting.” Hybrid cloud is also a transition stage that companies use as they move from on-premises to public cloud infrastructure.

There are many more dimensions to the public/private/hybrid cloud decision. A good managed service provider can help you understand the options and estimate the benefits and trade-offs.

Cloud Strategy: data collection

Here is part 6 of our series covering the key issues to consider before adopting cloud technologies. This month, we discuss how to build your strategy and data points that must be considered.

When considering & building a cloud strategy, organisations need to consider business objectives/outcomes desired, quantifiable and time-bound goals as well as identify specific initiatives that the enterprise can and should undertake in order to execute the strategy and achieve the goals set. As shown by surveys on the subject by Gartner in 2013 and 2014, process and culture are likely to be big hurdles in any move to cloud. Therefore, involving all aspects of the business and gathering the right information can assist in building the right strategy and identify potential problems ahead of time.

The first concrete step to take to building this strategy is to gather the data points to identify and define those objectives, goals and initiatives for the entreprise in the near – and mid – terms. Once the data is collected, you can review, analyze and identify the business outcomes desired, set the (quantifiable) goals and define the specific initiatives you want to put in place to achieve them. This should not be a strict price or technology evaluation.

Data Collection
The data points needed will have to come from various parts of the organisation (business units, finance, HR and IT). Some of the information required may take the form of files, but a lot of the required information will reside with your staff directly, and so interviews should be a part of the data collection process. These interviews should take up to a few hours each and focus on the interviewees functions, processes used and required/desired business outcomes, to provide insight into the actual impacts to the business before creating your cloud strategy.

With this data, you will be in a position to account for all aspects touching cloud computing, to see what it will affect and how, to evaluate its effect on the balance sheet (positive or negative) and decide on your strategy moving forward.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy – human impacts across organization

Here is part five of our series covering the key issues to consider before adopting cloud technologies. This month, we discuss the impact on human resources.

Resources in your organisation will be impacted by this change. Both on the IT side and on the business side. While helping companies move to cloud we have had to assist with adapting IT job descriptions, processes and roles within the organisation.

As the IT organisation moves into a P&L role, its success starts to be tied to the adoption by the stakeholders of the services offered. To do this, IT needs to get closer to the business units, understand their requirements and deliver access to resources on-demand. All this cannot happen unless things change within the IT group.

As companies automate their practice, and create a self-service portal to provision resources, some job descriptions need to evolve. A strong and clear communication plan with set milestones helps employees understand the changes coming to the organisation, and involving them in the decision process will go a long way to assist in the transition. We have seen that IT organisations with a clear communication plan at the onset that involved their employees in the process had a much easier transition, and faster adoption rate than those who did not.

Our experience helping customers with cloud computing shows that cloud alters significantly IT’s role and relationship with the business, and employees’ roles need to evolve. Training, staff engagement in the transition and constant communication will help your organisation significantly move to this new paradigm.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy: technological impacts

Here is part four of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on technological impacts to consider.

Not all software technology is created equal. Indeed, not every application will migrate gracefully to the cloud, some will never tolerate the latency, while others were never designed to have multiple smaller elements working together, rather than a few big servers. This means your business applications will need to be evaluated for cloud readiness. Indeed, this is possibly the largest technological hurdle, but, as with all technology, this may prove to be easier to solve that some of the other organisational issues.

One should look at the application’s architecture (n-tiered or monolithic), tolerance to faults/issues (e.g. latency, network errors, services down, servers down) and how the users consume the application (always from a PC, from the office, or fully decentralized, with offline and mobile access), to evaluate options for migrating an application to the cloud. Current growth rate and state of the organisation are often times mirrored in its IT consumption rate and requirements. Certainly, an organisation that’s under high growth rates or launching a project where growth is not easily identifiable can possibly benefit significantly from a scalable, elastic cloud model, whereas an organisation with slower growth, familiar / standard projects and predictable IT requirements will not likely assess the value of cloud computing the same way. Accountability of resources and traceability of all assets in use may be of bigger concern.

Architecture, applications and legacy environments are all technological considerations that should be factored in any cloud computing viability & readiness assessment, but that should probably not be the main driver for your cloud strategy.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy: legal impacts across the organization

Here is part three of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on legal impacts on your organization.

“Location, location, location”. We’re more accustomed to hearing this in the context of the housing market. However, where your company’s headquarters reside, where your company does business and where its subsidiaries are located directly impact how you need to manage sensitive information, such as strategic projects, HR/personnel information, etc.; essentially, IT needs to account for data sovereignty laws and regulations.

Various countries have already voted or are moving towards voting on more restrictive data sovereignty legislations that will control the transit of information out of border. For example, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) already governs how IT organisations can collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. Essentially, all personally identifiable information must stay in country, at rest and in transit, meaning that using a cloud provider in the US or any other country with said data could expose the company – and you – to a lawsuit, unless the cloud provider can guarantee no aforementioned data ever leaves the country at any time, including for redundancy/DR purposes.

While the previous Act covered what must be protected, the American law (the USA Freedom Act, and its previous incarnation, the Patriot Act) enables the US government to access any and all data residing on its soil, without owner’s authorization, need for warrant and without even the need to notice the owner before or after the fact. The few data privacy provisions in the bill apply to American citizens and entities only. This means all data housed in the US are at risk, especially if said data is owned by an organisation whose headquarters are out of country.

If in Europe, laws vary from country to country, we find that the regulations on data protection are becoming more stringent, requiring the establishment of procedures and controls to protect personal data and obtaining the explicit authorization of persons to collect and use their information. All this imposes guidelines to the use of the cloud within the country or outside their borders.

Typically, data sovereignty should be a concern for most organisations when looking at cloud and, as the current trend is for countries to vote in more stringent laws, any and all cloud strategy should account for local, national and international regulations.

Benoit Quintin – Director Cloud Services – ESI Technologies

Cloud Strategy: business impacts across the organization

Here is the second part of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on business impacts on your organization.

Most markets are evolving faster than ever before, and the trend seems to be accelerating, so organisations globally need to adapt and change the way they go to market. From a business standpoint, the flexibility and speed with which new solutions can be delivered via cloud help enable the business units to react faster and better. So much so, that where IT organisations have not considered automating aspects of provisioning to provide more flexibility and faster access to resources, business units have started going outside of IT, to some of the public cloud offerings, for resources.

Planning for cloud should consider people and processes, as both will likely be directly impacted. From the requisition of resources, all the way to charging back the different business units for resources consumed, managed independently from projects’ budgets, processes that were created and used before the advent of cloud in your organisation should be adapted, if not discarded and rebuilt from scratch. IT will need to change and evolve as it becomes an internal service provider (in many instances, a P&L entity) – and resources broker for the business units.

Considering the large capital investments IT has typically been getting as budget to ‘keep the lights on’, and considering that, until recently, this budget had been growing at double digits rate since the early days of mainframe; the switch from a capital investment model to an operational model can impact the way IT does business significantly. Indeed, we have seen the shift forcing IT to focus on what it can do better, review its relationships with the vendors, ultimately freeing up the valuable investment resources. In many organisations, this has also translated to enabling net new projects to come to life, in and out of IT.

Once this transformation is underway, you should start seeing some of the benefits other organisations have been enjoying, starting with faster speed to market on new offerings. Indeed, in this age of mobile everything, customers expect access to everything all the time, and your competition is likely launching new offerings every day. A move towards cloud enables projects to move forward at an accelerated pace, letting you go to market with updated offerings much faster.

Benoit Quintin, Director Cloud Services, ESI Technologies

Cloud computing: strategy and IT readiness – Transformation in IT

Here is the first of a series of articles that provide both business and IT executives insights into the key issues that they should consider when evaluating cloud services, paying particular attention to business and legal ramifications of moving to the cloud environment, whether it is private, hybrid or public.

cloud-question-mark-710x345For the last few decades, IT organisations have been the only option for provisioning IT resources for projects. Indeed, all new projects would involve IT, and the IT team was responsible for acquiring, architecting and delivering the solution that would sustain the application/project during its lifecycle, planning for upgrades along the way.
This led to silo-based infrastructures – and teams -, often designed for peak demand, without possibilities of efficiency gains between projects. The introduction of compute virtualization, first for test/dev and then for production, showed other options were possible and available and that by aggregating requirements across projects, IT could get significant efficiencies of scale and costs while getting more flexibility and speed to market, as provisioning a virtual server suddenly became a matter of days, rather than weeks or months.
Over time, IT started applying these same methods to storage and network and these showed similar flexibility, scalability and efficiency improvements. These gains, together with automation capabilities and self-service portals, were combined over time to become what we know as ‘cloud offerings’.
In parallel to this, IT, in some organisations, has become structured, organized, usually silo’d, and, unfortunately, somewhat slow to respond to business needs. This has led to a slow erosion of IT’s power and influence over IT resources acquisition, delivery and management. Coupled with the existing commercial/public cloud options these days, capital is rapidly leaving the organisation for 3rd party public cloud vendors, also known as shadow IT. This raises concerns, not the least of which being that funds are sent outside the organisation to address tactical issues, typically without regard to legal implications, data security or cost efficiency. These issues highlight IT’s necessity to react faster, become more customer driven, deliver more value and provide its stakeholders with flexibility matching that of public cloud. Essentially, IT needs to evolve to become a business partner; cloud computing providing the tools by which IT offers flexibility, scalability and speed to market that the business units are looking for in today’s market.

Benoit Quintin, Director Cloud Services, ESI Technologies

Cloud’s Biggest Challenge: Data Sovereignty Laws

Cloud technologies are now integrated in the solutions used by companies: the promise of standardization and simplification without regard to physical or geographic boundaries, meets the requirements of corporate flexibility for an access to data anywhere, at all times on all their devices.

This explosion of virtualized data now requires countries to legislate to protect their citizens’ data, and forces cloud providers to implement practices which respect increasingly strict rules of governance, requiring from companies that collect, use and store data to keep them in the country where they were collected.

Organizations rely on the expertise of cloud solution providers but the best technology does not exempt them to think and plan, as ultimately they remain accountable for their data, no matter where they are hosted. Organizations have the responsibility to respect the laws of the countries where they operate.

How can we ensure to deal with a cloud provider who complies with the laws of the country?

It is the organization’s duty to establish proper governance rules and controls to ensure compliance of solutions in place. If technology is an invaluable resource, you must not make the mistake of being influenced by a specific solution. In other words, do your homework!

  • Data_Center-1024x682Create your roadmap – Where do you plan to expand your market? In case of expansion, start to gather information on the laws in force in the target countries to know the restrictions imposed by their legislation to assess what it will cost you to comply with them.
  • Learn about your cloud provider – Where is your data stored by the provider? Does it respect your governance rules? Is the provider able to provide proof?
  • Assess the strategic importance of compliance – Compliance with governance rules is not the same for everyone. How important is data protection to your business and how many resources are you willing to dedicate to it? You can manage data sovereignty on your own, or entrust it to an external provider.

Canadian integrators and datacentre providers are the way to go to give companies the option to do business with partners who understand the needs of their stakeholders, close to where they do business.

Patrick Naoum, Executive Vice-President – Strategy, Alliance and Client Solutions

See on this subject the article by Mike Ettling, President of SAP SuccessFactors: http://techcrunch.com/2015/12/26/the-clouds-biggest-threat-are-data-sovereignty-laws/

Give me your backups!

image7Backing up data is at the heart of the activities of all businesses. However, the current legislation in the countries where companies are doing business requires respect to strict governance rules in order to comply with the agencies that regulate the markets and ensure the probity of organizations and their activities. One of our clients got a visit from anti-corruption officers, who requisitioned their backups months ago. The nature of the methodology used by the client for their backups is not conducive to find information quickly for the officers, preventing them to give back the copies to the client… To remedy this situation for the future, our client seeks to purchase an archiving solution to not only comply with the law, but above all to be able to recover their data in a reasonable time.
Businesses require increasingly archiving solutions to enforce governance regulations.

Companies are required to cooperate with the authorities and answer of their actions at all times. That’s what the compliance archiving solution provides. It is characterized by the ability to conduct legal research through the history of emails, attachments and files of the company. It also provides a methodology to protect relevant data on legal hold and easily export that information for the people requesting it.

The cost of inaccessibility to the company’s backups, the time required to retrieve the data, perform a search of suspicious documents and start the process over for the next time, is much more expensive than having a compliance archiving system that will perform the same task in minutes instead of hours or even days or weeks. The value added math is simple for our clients.

Michel Rail, Senior Consultant – Architecture & Technologies

Cloud adoption: getting through the maze

Companies can no longer ignore the increasing importance of cloud computing when planning their technological investments and that they must choose from the options available on the market. Evaluating products and services based on the needs of the organization, not only for today, but above all for the future, is quite a challenge!CLOUD_READINESSBeyond the technological considerations (product compatibility, required investment, scalability of existing systems, etc.) there are the evaluation of the different providers and the services they offer, as well as the costs associated to their use. The best known cloud solutions on the market may seem attractive because they have a high visibility, often with a recognized brand, which is perceived as a guarantee of reliability. The savings announced by these solutions and their accessibility are often decisive criteria when the time comes to make a choice. It is however almost impossible to assess the real costs of these solutions, because several important variables remain unknown: the price of retained data, the cost of download per Go, pricing for transactions, etc.

Cloud offerings are diverse and are not equally suitable for all businesses. Some heterogenous environments are not easily transferable and it can be risky, if not impossible, to migrate to the cloud without a fundamental transformation of the architecture and the ways of making within the organization. Caution is therefore required when undertaking such an important turn. Do not see cloud computing as a simple upgrade to a more powerful technology, but as a business strategy. This demands a thorough evaluation of existing processes and of the legal and technological framework of the company, coupled with an action plan with clear goals to achieve.
Few companies have an IT team able to perform the necessary analysis of current processes in the organization and of the technological and governance challenges related to them.

It is in this context that specialized integrators provide a valuable contribution to the company’s thinking. A trusted partner will help you assess your needs and your cloud adoption process to optimize your investments while reaching your business goals.

Benoit Quintin – Cloud Services Director – ESI Technologies