Cloud computing – the use of someone else’s hardware and software to serve up applications and store data has been on the rise in recent years. Companies have been jumping on both Software-as-a-Service (SaaS) options, think QuickBooks Online, or utilizing Amazon Web Services or Microsoft Azure to provide the compute resources (processor, memory, storage, licensing) to install and manage their own applications outside of their physical premises.
I am often asked, “Should we go to the cloud?”, and my reply is usually, “It depends on how you answer these five questions.” However even if your responses fit, work place politics and culture may still change the answer.
- Do you need integration and customization to other applications?
- What level of data backup and redundancy is required?
- What compliance and security requirements does your company have?
- What if we want to leave for another cloud?
- How do the costs compare?
Integration between applications is becoming simpler and more common, which in turn means more complex. The ability to move data and create workflow amongst cloud applications can be more challenging than in a premise based environment because instead of one physical environment hosting the applications and data on servers, there are numerous clouds with the applications and data which need to interact in a secure, stable manner. Customization allows for changes to the software or data to better fit workflow of an organization. Perhaps there are some data fields to be collected that are not part of the base application or there are forms and templates that can be edited to improve workflow. Cloud solutions may not allow for customization of the database or forms and templates while the premise based application will.
Data backup and redundancy are two underlying business continuity and disaster recovery considerations that weigh heavily in both cloud and premise based applications. Recent Ransomware attacks and data center down-time has impacted significant numbers of companies and users. Not all cloud applications provide redundant, synchronized experiences that can manage outages thereby leaving users without access. In addition to having redundancy, cloud providers do not automatically back data up in terms of frequency and retention, which precludes obtaining previous files that may be deleted.
Compliance and Security are also becoming center-piece topics for businesses that are subject to privacy and regulatory requirements either at the industry or government level. Companies using the cloud still must provide policies, vulnerability scans and security risk assessments (SRA) for both their local environment and insure that their cloud provider is doing the same. Relationships among Business Associates (BA) and Covered Entities (CE) include cloud providers of applications and data storage. Just using the cloud does not mitigate the responsibility and in certain instances might create more risk.
Leaving your cloud provider provides certain challenges that don’t exist in premise based applications. Many companies have one or more legacy applications with data that are no longer under support, are not on the current version but are still in production. This is not possible with the end of an agreement with a cloud based application. The data can be exported and downloaded, although not always in a useful or usable format but the access and processing of data by an application will not be possible.
Cost is more than the monthly check written to the cloud provider or check for your premise based servers. Total Cost of Technology includes capital expenses (on-premises hardware / software), operating expenses (services, support, and maintenance fees), and indirect costs (potential downtime and time-to-market delays) and is a vital tool when comparing solutions. Premise based servers have an expected five-year life-cycle so it’s easy to build a cost model for them. Cloud based applications usually have a subscription that wraps the Total Cost of Technology into a per user charge that is paid forever.
Even though the Five Critical Questions may indicate that a cloud solution is better than a premise based one, certain work place politics may arise including status, influence, job security and manipulation of the situation. Company culture may influence the decision around data security, control and privacy, flexibility, collaboration, speed and growth of the organization. Make sure to check both of these areas when considering cloud versus a premise based IT environment.
At the end of the day you can decide by using a framework for evaluating the “Five Critical Questions” with a review of office politics and company culture biases.
Scott Cooper is the President of Tower 23 IT, an IT outsource solution for small to medium businesses specializing in protecting client health and financial data to meet privacy, compliance and security requirements in the healthcare, legal, financial, real estate and insurance industries. Scott can be reached at scottc@Tower23IT.com or 858.877.6219.
