No two cloud environments are identical. How can you figure out what’s best for your individual business?
By Michael Laudenslager, Cloud Architecture & Security
Companies of all sizes must consider many factors when choosing the type of cloud infrastructure that will best suits their unique needs. These include issues like office location, number of remote workers, compliance requirements, the need for security and control, and more.
There isn’t a single right or wrong way to leverage the benefits of cloud, and the process of choosing between public, private and hybrid cloud environments can be complicated. Whether you’re running a family office, a midsized asset management firm or a large umbrella group of jointly managed pension funds, you’ll want to design an individual cloud strategy that reflects your business goals.
We encourage all of our clients to reflect on their short and long-term objectives when evaluating the potential benefits of cloud migration. Are you most interested in saving money? Opening new offices in a geographically distant location? Or perhaps closing all of your physical offices entirely and moving to a remote-work only model? Only by beginning with the ends in mind can you be confident that you’ll achieve your desired result.
To help you navigate the complexities of cloud decision-making, we’ve put together this brief guide highlighting the six primary factors to consider.
If you’d like to maintain full control over where your data is located, where your applications are running or who has access to this data center, you’ll want to avoid the public cloud. At any given time in the public cloud, you do not know the exact location from which you are accessing your data. The major public cloud vendors have multiple datacenters within a single region and/or availability zone and you do not have input on exactly where your data is “live”. You also do not have the ability to override public cloud vendor maintenance windows, which affect where your data is located during those times.
Similarly, if your uptime requirements are stringent, you should be aware that there’s no way to avoid downtime in case of major system outages like those that have been known to impact global users of Microsoft Teams, Office 365 and Outlook. While public cloud providers strive to provide extremely high availability and uptime rates, in cases where their systems do fail, you’ll have to wait – just like millions of other impacted users – for the cloud provider to resolve the problem.
With a private cloud environment, you’re in control of exactly where your data is stored. You can be confident of the physical and logical security measures that are in place, can know exactly what steps are being taken to recover from outages at any stage in the process, and can stay informed about who works inside the datacenter. If for instance, your data is subpoenaed for use in a government investigation, Microsoft is under no obligation to inform you or gain approval prior to handing it over to the authorities. A provider offering a private-only platform like Edge Technology Group’s CloudSuite will let you know immediately.
Even within a single alternative investment firm, not all applications require the same degree of control and security. Designing a hybrid cloud environment allows you to exert fine-grained control over your most sensitive workloads while enjoying cost-savings and scalability by relegating those that are less sensitive to the public cloud.
It’s certainly possible to design a public cloud environment that’s just as secure as a private cloud solution, but it requires care, forethought and attention to the specific cloud options and configurations you select.
When it comes to application security and data protection, public cloud providers and Software-as-a-Service (SaaS) vendors like Microsoft offer multiple different “tiers” of service depending on the enterprise licensing plan you select. Although the least expensive tiers may seem attractive due to their lower per-user costs, they generally don’t provide adequate file protection, identity and access management capabilities or other advanced security provisions needed to meet compliance requirements in the financial services industry. For more effective security that mitigates the real-world risks of a breach – as well as the devastating loss of investor confidence that would follow – you’ll need to choose the top-level (and most expensive) licensing plan.
Major public cloud providers maintain hundreds of datacenters around the world. They leverage enterprise-grade hardware and advertise that they adhere to industry-leading physical security standards. Still, you’ll never know exactly where your data resides and you’ll never have precise control over the physical security measures present in its environment.
There’s no global regulatory board governing the financial services industry. Instead, your firm is responsible for meeting all local and national requirements in every country where you’ve established an office. These can vary greatly around the world, as well as for different firm sizes and types. In China, for example, there’s a mandate that firms who retain a managed service provider (MSP) must maintain independent access to their data via a system that’s outside of the MSP’s control. Highly specific requirements like this one may steer you toward a private cloud environment, or conversely, make public cloud infrastructures more appealing.
Much like the great myth that there are no outages in the Public Cloud, there is also a common opinion that the public cloud is always cheaper. However, this isn’t always reflected by reality. To make certain the public cloud environment you’re choosing will cost less on a monthly basis, you’ll need to add up all the additional costs that public cloud vendors price on an à la carte basis. Many of these additional costs are typically covered by private cloud providers in a service package. These can include backup features (How often are snapshots taken? How long are they retained?), security options, data availability guarantees and service uptime rates. In addition, it’s worthwhile to consider whether or not technical support is included: if not, per-minute charges for open tickets can add up fast.
Furthermore, such monthly costs typically change as your technology estate evolves with your business requirements. Cost control is therefore a key consideration. A traditional private cloud has a fixed cost base and, more often than not and against popular belief, at a commercial rate that is either on par or lower than a public cloud alternative with the above considerations. Public cloud providers, Microsoft in particular, increase their prices year after year, often on more than once each year. It’s important to be aware that commercially attractive propositions on Day 1 are very likely to change considerably over the months and years that follow.
Lastly, consider your migration costs. For start-ups that have little data to move and no legacy in-office hardware, it can be much more economical to leverage public cloud options. Larger and more established firms may find that month-to-month cost savings are minimal if not non-existent and migration charges exorbitant.
Make no mistake — a cloud migration project is a large-scale undertaking that’s guaranteed to take time and cost money. Depending on the size of your firm, your tolerance for disruption and downtime, and the number of legacy software applications that are mission-critical for your business, it may make sense to keep some systems on premises. Hybrid environments can provide a best-of-both worlds approach that allows you to migrate nonessential applications gradually.
Where your partners and employees live and work will have significant implications for which cloud computing model will best meet their needs. Performance is best when datacenters are located in the same region as their users. This may not have big drawbacks when you consider occasional employee travel. But it may be very important if you open an office in Hong Kong that performs time-sensitive trading.
Be aware that Microsoft does not offer global tenancy to customers with fewer than 250 seats. What does this mean? An international small business will have to run out of a single Microsoft datacenter location. This has the potential to create latency issues for the majority of its employees.
Policies like this are constantly changing, though. In early 2019, Microsoft’s requirement for global tenancy was over ten thousand seats. It’s essential to keep up with the latest offerings to understand what’s currently possible in the public cloud.
Perhaps you’re thinking that this was a detailed discussion? In fact, we’re only scratching the surface of the issue. There are a myriad of considerations to take into account when designing a cloud computing environment. Check out the upcoming articles in this series to learn more about the pros and cons of each type.