Public, private or hybrid cloud? Make the smart choice!

You know you want to move to the cloud, but you don’t know which of the three major options – public, private and hybrid – are right for you. We’re here to help with this quick overview of the options, as well as the pros and cons of each.

Public Cloud

Think of this as a server in the sky. Public cloud, also known as infrastructure-as-a-service, provides the equivalent of a data center in a highly scalable, virtualized environment accessed over the internet. Customers can provision virtual servers – called “instances” – and pay only for the capacity they use. Many public cloud features are automated for self-service. Users can deploy their own servers when they wish and without IT’s involvement. Accounting and chargeback are automated. In fact, organizations often find the public cloud delivers the most significant savings not in equipment costs, but in administrative overhead.

The best applications to deploy in a public cloud are those that are already virtualized or that run on unmodified Linux or Windows operating systems. Commercial, off-the-shelf applications are a good example. Public cloud is also a good platform to use in evaluating and testing new applications, since many public cloud providers offer a wide variety of applications on a pay-as-you-go basis. Public cloud is also well suited to developing so-called “cloud native” applications, such as mobile apps.

Public cloud isn’t ideal for every use. Homegrown applications on legacy platforms or those with significant interdependencies may not migrate smoothly. Organizations that aren’t careful to manage instances can can end up paying for unused capacity. There are also hidden costs to be aware of, such as surcharges for data uploads and downloads or upcharges for guaranteed levels of service. Regulatory issues may also limit the use of public cloud for some applications entirely.Private Cloud

This is essentially a public cloud for use only by a single customer. Private clouds may be constructed on premises using virtualization and automation software, or licensed from service providers who deliver cloud services either from their own data centers or even on the customer’s own premises.

Private cloud is popular with companies that need tight control over data, whether for security, privacy or regulatory purposes. In regulated industries that specify how customer data must be stored and managed, it is sometimes the only cloud option. It’s also attractive for companies that need guaranteed service levels without the unpredictability of the public internet. Finally, private cloud provides the highest level of control for organizations that want deep visibility into who is using resources and how.

Private cloud is typically more expensive than public cloud because service providers must allocate capacity exclusively to the dedicated environment. However, that isn’t always the case. For companies with large capital investments in existing infrastructure, an on-premises private cloud is a good way to add flexibility, automation and self provisioning while preserving the value of their existing equipment. For predictable workloads, it can be the cheapest of the three models.

Hybrid Cloud

This is the most popular option for large corporations, and is expected to dominate the cloud landscape for the foreseeable future. Hybrid cloud combines elements of both public and private cloud in a way that enables organizations to shift workloads flexibly while keeping tight control over their most important assets. Companies typically move functions that are handled more efficiently to the public cloud but keep others in-house. The public cloud may act as an extension of an on-premises data center or be dedicated to specific uses, such as application development. For example, a mobile app developed in the public cloud may draw data from data stores in a private cloud.

Many of the benefits of hybrid cloud are the same as those of private cloud: control, security, privacy and guaranteed service levels. Organizations can keep their most sensitive data on premises but shift some of it to the public cloud at lower costs. They can also reduce costs by using public cloud to handle occasional spikes in activity that overtax their own infrastructure, a tactic known as “cloud bursting.” Hybrid cloud is also a transition stage that companies use as they move from on-premises to public cloud infrastructure.

There are many more dimensions to the public/private/hybrid cloud decision. A good managed service provider can help you understand the options and estimate the benefits and trade-offs.

Cloud’s Biggest Challenge: Data Sovereignty Laws

Cloud technologies are now integrated in the solutions used by companies: the promise of standardization and simplification without regard to physical or geographic boundaries, meets the requirements of corporate flexibility for an access to data anywhere, at all times on all their devices.

This explosion of virtualized data now requires countries to legislate to protect their citizens’ data, and forces cloud providers to implement practices which respect increasingly strict rules of governance, requiring from companies that collect, use and store data to keep them in the country where they were collected.

Organizations rely on the expertise of cloud solution providers but the best technology does not exempt them to think and plan, as ultimately they remain accountable for their data, no matter where they are hosted. Organizations have the responsibility to respect the laws of the countries where they operate.

How can we ensure to deal with a cloud provider who complies with the laws of the country?

It is the organization’s duty to establish proper governance rules and controls to ensure compliance of solutions in place. If technology is an invaluable resource, you must not make the mistake of being influenced by a specific solution. In other words, do your homework!

  • Data_Center-1024x682Create your roadmap – Where do you plan to expand your market? In case of expansion, start to gather information on the laws in force in the target countries to know the restrictions imposed by their legislation to assess what it will cost you to comply with them.
  • Learn about your cloud provider – Where is your data stored by the provider? Does it respect your governance rules? Is the provider able to provide proof?
  • Assess the strategic importance of compliance – Compliance with governance rules is not the same for everyone. How important is data protection to your business and how many resources are you willing to dedicate to it? You can manage data sovereignty on your own, or entrust it to an external provider.

Canadian integrators and datacentre providers are the way to go to give companies the option to do business with partners who understand the needs of their stakeholders, close to where they do business.

Patrick Naoum, Executive Vice-President – Strategy, Alliance and Client Solutions

See on this subject the article by Mike Ettling, President of SAP SuccessFactors: http://techcrunch.com/2015/12/26/the-clouds-biggest-threat-are-data-sovereignty-laws/

Give me your backups!

image7Backing up data is at the heart of the activities of all businesses. However, the current legislation in the countries where companies are doing business requires respect to strict governance rules in order to comply with the agencies that regulate the markets and ensure the probity of organizations and their activities. One of our clients got a visit from anti-corruption officers, who requisitioned their backups months ago. The nature of the methodology used by the client for their backups is not conducive to find information quickly for the officers, preventing them to give back the copies to the client… To remedy this situation for the future, our client seeks to purchase an archiving solution to not only comply with the law, but above all to be able to recover their data in a reasonable time.
Businesses require increasingly archiving solutions to enforce governance regulations.

Companies are required to cooperate with the authorities and answer of their actions at all times. That’s what the compliance archiving solution provides. It is characterized by the ability to conduct legal research through the history of emails, attachments and files of the company. It also provides a methodology to protect relevant data on legal hold and easily export that information for the people requesting it.

The cost of inaccessibility to the company’s backups, the time required to retrieve the data, perform a search of suspicious documents and start the process over for the next time, is much more expensive than having a compliance archiving system that will perform the same task in minutes instead of hours or even days or weeks. The value added math is simple for our clients.

Michel Rail, Senior Consultant – Architecture & Technologies

Cloud adoption: getting through the maze

Companies can no longer ignore the increasing importance of cloud computing when planning their technological investments and that they must choose from the options available on the market. Evaluating products and services based on the needs of the organization, not only for today, but above all for the future, is quite a challenge!CLOUD_READINESSBeyond the technological considerations (product compatibility, required investment, scalability of existing systems, etc.) there are the evaluation of the different providers and the services they offer, as well as the costs associated to their use. The best known cloud solutions on the market may seem attractive because they have a high visibility, often with a recognized brand, which is perceived as a guarantee of reliability. The savings announced by these solutions and their accessibility are often decisive criteria when the time comes to make a choice. It is however almost impossible to assess the real costs of these solutions, because several important variables remain unknown: the price of retained data, the cost of download per Go, pricing for transactions, etc.

Cloud offerings are diverse and are not equally suitable for all businesses. Some heterogenous environments are not easily transferable and it can be risky, if not impossible, to migrate to the cloud without a fundamental transformation of the architecture and the ways of making within the organization. Caution is therefore required when undertaking such an important turn. Do not see cloud computing as a simple upgrade to a more powerful technology, but as a business strategy. This demands a thorough evaluation of existing processes and of the legal and technological framework of the company, coupled with an action plan with clear goals to achieve.
Few companies have an IT team able to perform the necessary analysis of current processes in the organization and of the technological and governance challenges related to them.

It is in this context that specialized integrators provide a valuable contribution to the company’s thinking. A trusted partner will help you assess your needs and your cloud adoption process to optimize your investments while reaching your business goals.

Benoit Quintin – Cloud Services Director – ESI Technologies

Got your head in the cloud? Keep your feet on the ground!

A couple of weeks ago, ESI in partnership with NetApp, hosted a very special event on cloud computing & associated data privacy legal issues. Guest speaker for this event was non-other than Ms. Sheila FitzPatrick who is recognized by data protection authorities worldwide as one of the world’s leading experts on data protection legislation and the compliance process.

I had the chance to be briefed on this presentation by peers at ESI at which some of our clients were conveyed and one thing really hit me in the same way it hit all the participants at this event: the most important thing to remember with cloud services is that your company and you as a manager of that company will be held accountable for any data privacy issues of the cloud service provider you signed on with.

There you have it. You remain the owner and the person responsible for that data even though you no longer have control over it.

cloud-keyGiven that there is no transfer of legal responsibility from you to the cloud provider with regards to data, a long checkup list ensued that included questions such as: how does the cloud provider separate my data from other clients’ data? Where is it stored (under which jurisdiction)? How strong is encryption? How does it get moved to the cloud provider? Where are located my backups? How secure is data transfer?… This is only a very small sample of that checklist.

A local presence by a cloud provider doesn’t mean your data is entirely local. Often your backups are sent offshore in another country governed by different laws and in some cases this goes against the legislation to which your company must comply.

In short, cloud technology is much less about technology than it is about legal compliance, SLAs and contract management. Of course, there is still obviously a strong technology component to it. At ESI, and its network of partners like that of Ms. Sheila FitzPatrick from NetApp, we can help companies navigate through this to set their cloud strategy in motion in full understanding of what is at stake, since it all comes down to a question of risk management: what to move into a public cloud, what to keep in a private one.

Charles Tremblay, ESI Account Manager