External vs internal: Why hybrid cloud is the way to go
... For most of us, says Dave Cartwright
A never-ending stream of cloud providers tells us that they can do a better job than our internal IT departments. And occasionally we come across surveys claiming the same thing. Is it all marketing puff or is there some substance in claims that external is better than internal?
They look after the servers for you … but ...
When you put something in the cloud, you don't have to worry so much about the hardware. The reliability of the average decent cloud service (no half-baked amateur cowboys, thanks very much) is very good, and you can wave goodbye to the need to replace the hardware every three or four years.
This doesn't mean you can completely disregard the server maintenance aspect of life: you still need to keep up with the application updates and the operating system patches. This is a non-trivial thing to do - with an OS service pack there's always the risk of something going a bit pear-shaped and the box not coming back up.
Connecting to the cloud service
If you put something in the cloud, you need to be able to connect to it with a sufficiently snappy connection that it's usable. A cheap and cheerful DSL is seldom a useful way to connect to a cloud service - you need proper internet connectivity and it needs to be reliable. If you're relying on a cheap connection with a cheap router, and you don't consider how you might make the connection resilient, you're asking for some downtime.
Convincing the security manager
“Let's put our directory service in someone else's data centre”. It's easy to feel sheepish when you hear yourself say this out loud to your executives or your corporate security officer. If you're connecting to the cloud service via the internet then presumably so can anyone else; it's easy to have less confidence in a cloud-based service than in something in-house whose firewalls you control yourself.
Hang on … this glass is half full
Although there are some pitfalls, the world wouldn't be full of cloud services if the external option were so awful. There are many big companies making big money from cloud services, and for a very good reason.
First of all, a cloud installation doesn't have to be an order of magnitude less secure than an on-premise offering. There's nothing to stop you nailing up a VPN connection between your office and your cloud provider's network - and this is precisely how I used to run a bunch of my company's global WAN for connectivity between data centres and the smaller offices that didn't warrant expensive point-to-point links.
Quite frankly if the service provider is keeping its infrastructure up to date (which it will be if it's any good) then the virtual firewalls in its estate are way more up-to-date and secure than much of the rubbish running in on-premise setups around the world.
As for problems with upgrading server operating systems: yes, it's a potential problem, but a manageable one as long as your provider gives you a means to take a snapshot (or, at a push, a copy) of your servers, so that you have a backout plan in the event that it turns up its toes.
Oh, and if you're so concerned about resilience then why not have mirrored pairs of servers: most of the applications I've used have the ability to continue in a resilient setup despite running dissimilar versions, so long as the releases aren't vastly different – which means you can upgrade one server, fail over, test, then upgrade the second server and fail back.
At this point, let's remember that in many cloud setups you don't just rent the server space but in fact the entire application – the most prominent example being, of course, Office 365.
Now, Office 365 is most definitely not cheap - but when you consider the vast amount of time you save in not having to employ rocket scientists to manage and cuddle the temperamental monster that is an Exchange server cluster, you tend to find it hard not to succumb to the cloud option.
And finally, when you've evaluated all the plus and minus points of going for an external service, don't let the simple fact that any minus points exist cause you to drop the idea entirely. Technology is a land of compromise, and the choice is one of whether a risk is acceptable, not whether it exists at all.
Do cloud companies go out of their way to exaggerate the benefits of moving to their service? Of course they do - that's what the sales guys are paid for. Are there things you can't do in the cloud that you can do on-premise? Yes, of course - it's in your office or your data centre so by definition it's going to be easier to hook things together and to access stuff from the average user's desk.
Just because the external option isn't an order of magnitude more attractive than doing it at home, don't discount the idea completely. Some stuff fits better on-premise. Moving some stuff to the cloud makes sense.
Which is a good thing, because the average company that considers external services won't go completely that way. Hybrid is the answer for the average company. ®