Public, private or hybrid cloud? Make the smart choice!

You know you want to move to the cloud, but you don’t know which of the three major options – public, private and hybrid – are right for you. We’re here to help with this quick overview of the options, as well as the pros and cons of each.

Public Cloud

Think of this as a server in the sky. Public cloud, also known as infrastructure-as-a-service, provides the equivalent of a data center in a highly scalable, virtualized environment accessed over the internet. Customers can provision virtual servers – called “instances” – and pay only for the capacity they use. Many public cloud features are automated for self-service. Users can deploy their own servers when they wish and without IT’s involvement. Accounting and chargeback are automated. In fact, organizations often find the public cloud delivers the most significant savings not in equipment costs, but in administrative overhead.

The best applications to deploy in a public cloud are those that are already virtualized or that run on unmodified Linux or Windows operating systems. Commercial, off-the-shelf applications are a good example. Public cloud is also a good platform to use in evaluating and testing new applications, since many public cloud providers offer a wide variety of applications on a pay-as-you-go basis. Public cloud is also well suited to developing so-called “cloud native” applications, such as mobile apps.

Public cloud isn’t ideal for every use. Homegrown applications on legacy platforms or those with significant interdependencies may not migrate smoothly. Organizations that aren’t careful to manage instances can can end up paying for unused capacity. There are also hidden costs to be aware of, such as surcharges for data uploads and downloads or upcharges for guaranteed levels of service. Regulatory issues may also limit the use of public cloud for some applications entirely.Private Cloud

This is essentially a public cloud for use only by a single customer. Private clouds may be constructed on premises using virtualization and automation software, or licensed from service providers who deliver cloud services either from their own data centers or even on the customer’s own premises.

Private cloud is popular with companies that need tight control over data, whether for security, privacy or regulatory purposes. In regulated industries that specify how customer data must be stored and managed, it is sometimes the only cloud option. It’s also attractive for companies that need guaranteed service levels without the unpredictability of the public internet. Finally, private cloud provides the highest level of control for organizations that want deep visibility into who is using resources and how.

Private cloud is typically more expensive than public cloud because service providers must allocate capacity exclusively to the dedicated environment. However, that isn’t always the case. For companies with large capital investments in existing infrastructure, an on-premises private cloud is a good way to add flexibility, automation and self provisioning while preserving the value of their existing equipment. For predictable workloads, it can be the cheapest of the three models.

Hybrid Cloud

This is the most popular option for large corporations, and is expected to dominate the cloud landscape for the foreseeable future. Hybrid cloud combines elements of both public and private cloud in a way that enables organizations to shift workloads flexibly while keeping tight control over their most important assets. Companies typically move functions that are handled more efficiently to the public cloud but keep others in-house. The public cloud may act as an extension of an on-premises data center or be dedicated to specific uses, such as application development. For example, a mobile app developed in the public cloud may draw data from data stores in a private cloud.

Many of the benefits of hybrid cloud are the same as those of private cloud: control, security, privacy and guaranteed service levels. Organizations can keep their most sensitive data on premises but shift some of it to the public cloud at lower costs. They can also reduce costs by using public cloud to handle occasional spikes in activity that overtax their own infrastructure, a tactic known as “cloud bursting.” Hybrid cloud is also a transition stage that companies use as they move from on-premises to public cloud infrastructure.

There are many more dimensions to the public/private/hybrid cloud decision. A good managed service provider can help you understand the options and estimate the benefits and trade-offs.

Cloud’s Biggest Challenge: Data Sovereignty Laws

Cloud technologies are now integrated in the solutions used by companies: the promise of standardization and simplification without regard to physical or geographic boundaries, meets the requirements of corporate flexibility for an access to data anywhere, at all times on all their devices.

This explosion of virtualized data now requires countries to legislate to protect their citizens’ data, and forces cloud providers to implement practices which respect increasingly strict rules of governance, requiring from companies that collect, use and store data to keep them in the country where they were collected.

Organizations rely on the expertise of cloud solution providers but the best technology does not exempt them to think and plan, as ultimately they remain accountable for their data, no matter where they are hosted. Organizations have the responsibility to respect the laws of the countries where they operate.

How can we ensure to deal with a cloud provider who complies with the laws of the country?

It is the organization’s duty to establish proper governance rules and controls to ensure compliance of solutions in place. If technology is an invaluable resource, you must not make the mistake of being influenced by a specific solution. In other words, do your homework!

  • Data_Center-1024x682Create your roadmap – Where do you plan to expand your market? In case of expansion, start to gather information on the laws in force in the target countries to know the restrictions imposed by their legislation to assess what it will cost you to comply with them.
  • Learn about your cloud provider – Where is your data stored by the provider? Does it respect your governance rules? Is the provider able to provide proof?
  • Assess the strategic importance of compliance – Compliance with governance rules is not the same for everyone. How important is data protection to your business and how many resources are you willing to dedicate to it? You can manage data sovereignty on your own, or entrust it to an external provider.

Canadian integrators and datacentre providers are the way to go to give companies the option to do business with partners who understand the needs of their stakeholders, close to where they do business.

Patrick Naoum, Executive Vice-President – Strategy, Alliance and Client Solutions

See on this subject the article by Mike Ettling, President of SAP SuccessFactors: http://techcrunch.com/2015/12/26/the-clouds-biggest-threat-are-data-sovereignty-laws/

Cloud adoption: getting through the maze

Companies can no longer ignore the increasing importance of cloud computing when planning their technological investments and that they must choose from the options available on the market. Evaluating products and services based on the needs of the organization, not only for today, but above all for the future, is quite a challenge!CLOUD_READINESSBeyond the technological considerations (product compatibility, required investment, scalability of existing systems, etc.) there are the evaluation of the different providers and the services they offer, as well as the costs associated to their use. The best known cloud solutions on the market may seem attractive because they have a high visibility, often with a recognized brand, which is perceived as a guarantee of reliability. The savings announced by these solutions and their accessibility are often decisive criteria when the time comes to make a choice. It is however almost impossible to assess the real costs of these solutions, because several important variables remain unknown: the price of retained data, the cost of download per Go, pricing for transactions, etc.

Cloud offerings are diverse and are not equally suitable for all businesses. Some heterogenous environments are not easily transferable and it can be risky, if not impossible, to migrate to the cloud without a fundamental transformation of the architecture and the ways of making within the organization. Caution is therefore required when undertaking such an important turn. Do not see cloud computing as a simple upgrade to a more powerful technology, but as a business strategy. This demands a thorough evaluation of existing processes and of the legal and technological framework of the company, coupled with an action plan with clear goals to achieve.
Few companies have an IT team able to perform the necessary analysis of current processes in the organization and of the technological and governance challenges related to them.

It is in this context that specialized integrators provide a valuable contribution to the company’s thinking. A trusted partner will help you assess your needs and your cloud adoption process to optimize your investments while reaching your business goals.

Benoit Quintin – Cloud Services Director – ESI Technologies

Got your head in the cloud? Keep your feet on the ground!

A couple of weeks ago, ESI in partnership with NetApp, hosted a very special event on cloud computing & associated data privacy legal issues. Guest speaker for this event was non-other than Ms. Sheila FitzPatrick who is recognized by data protection authorities worldwide as one of the world’s leading experts on data protection legislation and the compliance process.

I had the chance to be briefed on this presentation by peers at ESI at which some of our clients were conveyed and one thing really hit me in the same way it hit all the participants at this event: the most important thing to remember with cloud services is that your company and you as a manager of that company will be held accountable for any data privacy issues of the cloud service provider you signed on with.

There you have it. You remain the owner and the person responsible for that data even though you no longer have control over it.

cloud-keyGiven that there is no transfer of legal responsibility from you to the cloud provider with regards to data, a long checkup list ensued that included questions such as: how does the cloud provider separate my data from other clients’ data? Where is it stored (under which jurisdiction)? How strong is encryption? How does it get moved to the cloud provider? Where are located my backups? How secure is data transfer?… This is only a very small sample of that checklist.

A local presence by a cloud provider doesn’t mean your data is entirely local. Often your backups are sent offshore in another country governed by different laws and in some cases this goes against the legislation to which your company must comply.

In short, cloud technology is much less about technology than it is about legal compliance, SLAs and contract management. Of course, there is still obviously a strong technology component to it. At ESI, and its network of partners like that of Ms. Sheila FitzPatrick from NetApp, we can help companies navigate through this to set their cloud strategy in motion in full understanding of what is at stake, since it all comes down to a question of risk management: what to move into a public cloud, what to keep in a private one.

Charles Tremblay, ESI Account Manager

Data Loss Prevention – a business challenge

Confidential, intellectual and sensitive data are the core of businesses. Some organizations have to comply to conformity regulations with their data and must find solutions to better manage their usage. Data loss, whether intentional or accidental, can have disastrous impacts and are becoming more frequent with the massive use of email, public storage solutions like Dropbox or even a simple USB key.
Coffre-fort
Some statistics:
•    64% of business data is lost intentionally
•    50% of employees leave with corporate data
•    35% of data loss is due to negligence
•    29% of data loss is due to system glitches
•    The loss of a single data costs an average of $200

By implementing a document management policy that rests on protection practices inspired by established norms, and by introducing a proven DLP solution, organizations can block undesirable data transfer, warn users and organization of the failed attempts and ensure data encryption when necessary.
You have obligations: you must protect confidential data which you are responsible. And… warn the authorities in case of loss!

Roger Courchesne, Director – Internetworking & Security practice